Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/MeJt4DbVzpU_LJnEX_84bzboA3o.roa
File: MeJt4DbVzpU_LJnEX_84bzboA3o.roa (raw, json)
Hash identifier: 9R7YjlRtCevVm3+ZIUTDMh1Aiu+9CW7LcsJoowYOShg=
Subject key identifier: 31:E2:6D:E0:36:D5:CE:95:3F:2C:99:C4:5F:FF:38:6F:36:E8:03:7A
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 5555
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MeJt4DbVzpU_LJnEX_84bzboA3o.roa
Signing time: Sun 12 May 2024 08:54:25 +0000
ROA not before: Sun 12 May 2024 08:54:25 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.239.0.0/19 maxlen: 19
101.78.32.0/19 maxlen: 19
103.35.0.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21845 (0x5555)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 12 08:54:25 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=31E26DE036D5CE953F2C99C45FFF386F36E8037A
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:24:3e:c0:44:5c:57:57:83:e1:bd:d8:a1:e4:
3b:6a:b2:32:dc:e5:80:da:ee:d1:38:ca:f0:5c:0d:
0b:1d:04:78:b8:46:29:5f:43:9d:1f:25:35:6a:6f:
57:59:4b:88:26:c2:f5:e6:a5:de:64:db:90:ca:e1:
07:60:8a:15:71:43:05:bf:e3:43:ef:82:19:a1:f3:
e3:1e:f8:d3:c9:45:3b:29:a1:95:f0:49:6a:6e:2d:
cf:fe:a6:b4:03:4b:7e:1e:33:27:34:74:98:a8:70:
c3:eb:2f:09:23:ff:cf:42:43:b2:ce:b2:d8:53:85:
fd:ab:10:0c:e8:b0:30:41:59:94:72:88:f2:18:db:
69:9d:be:d2:59:9c:4b:75:b6:8b:98:8f:67:42:19:
bc:f9:4a:78:38:41:18:77:3a:12:63:03:33:59:f5:
a5:72:5e:4e:06:54:af:ea:7d:43:64:2a:98:72:9f:
21:9d:94:67:9d:79:ca:a6:f4:bd:91:7d:f7:e5:6a:
18:a3:00:5f:e7:a8:f3:af:fd:a6:2a:ba:31:6c:1e:
10:4b:4b:ca:33:d5:45:52:60:3e:f6:14:5c:b9:0b:
5b:3b:d3:9e:50:7e:c8:a8:34:11:d9:4d:9c:21:58:
82:8e:72:2d:97:f9:4c:12:f8:00:a9:a2:38:1f:c0:
19:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:E2:6D:E0:36:D5:CE:95:3F:2C:99:C4:5F:FF:38:6F:36:E8:03:7A
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/MeJt4DbVzpU_LJnEX_84bzboA3o.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.239.0.0/19
101.78.32.0/19
103.35.0.0/19
Signature Algorithm: sha256WithRSAEncryption
14:c1:ec:cb:92:af:e5:78:28:14:7c:a2:ff:3c:d4:0f:45:25:
35:0f:47:25:8c:48:37:d0:e9:b4:bd:df:a7:4c:14:44:89:4c:
92:94:32:b2:23:cc:6c:5f:46:c5:36:09:11:01:53:dc:ec:74:
28:5f:e9:26:42:28:dc:d4:27:49:fb:2d:1a:73:8f:a0:83:03:
6e:36:98:58:37:dd:32:44:cd:90:91:34:0e:e1:68:97:2f:05:
a6:cd:3b:98:1b:ac:73:bf:78:25:f2:d4:54:91:bb:a2:1d:4c:
67:46:f6:86:a0:8c:3c:e1:0b:39:99:39:10:a7:7b:63:04:8f:
6d:a4:60:12:1c:10:b7:83:c5:6b:c8:c6:05:1b:4e:a6:59:8f:
4a:93:1c:23:ee:08:32:41:b7:fa:33:be:bd:27:23:9c:88:d5:
a5:11:13:4b:3a:a0:83:dd:39:46:c8:d5:63:96:df:a7:ba:42:
f8:48:65:fe:39:3b:16:c4:d3:74:a2:02:c0:77:fe:ed:b9:11:
5a:1d:47:e0:02:8c:40:06:05:b3:16:b1:8c:60:00:35:d5:12:
b7:41:20:aa:0e:ef:b1:fb:7b:3c:3c:d2:54:da:c1:0a:79:c6:
fd:4b:a4:f7:dd:a6:36:a7:13:08:a3:bc:5c:0c:35:3a:76:dd:
15:bd:36:e6
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgICVVUwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTIw
ODU0MjVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDMxRTI2REUwMzZENUNF
OTUzRjJDOTlDNDVGRkYzODZGMzZFODAzN0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJJD7ARFxXV4Phvdih5DtqsjLc5YDa7tE4yvBcDQsdBHi4Rilf
Q50fJTVqb1dZS4gmwvXmpd5k25DK4QdgihVxQwW/40Pvghmh8+Me+NPJRTspoZXw
SWpuLc/+prQDS34eMyc0dJiocMPrLwkj/89CQ7LOsthThf2rEAzosDBBWZRyiPIY
22mdvtJZnEt1touYj2dCGbz5Sng4QRh3OhJjAzNZ9aVyXk4GVK/qfUNkKphynyGd
lGedecqm9L2RffflahijAF/nqPOv/aYqujFsHhBLS8oz1UVSYD72FFy5C1s7055Q
fsioNBHZTZwhWIKOci2X+UwS+ACpojgfwBlvAgMBAAGjggH9MIIB+TAdBgNVHQ4E
FgQUMeJt4DbVzpU/LJnEX/84bzboA3owHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L01lSnQ0RGJWenBVX0xK
bkVYXzg0Ynpib0Ezby5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBID
BAUr7wADBAVlTiADBAVnIwAwDQYJKoZIhvcNAQELBQADggEBABTB7MuSr+V4KBR8
ov881A9FJTUPRyWMSDfQ6bS936dMFESJTJKUMrIjzGxfRsU2CREBU9zsdChf6SZC
KNzUJ0n7LRpzj6CDA242mFg33TJEzZCRNA7haJcvBabNO5gbrHO/eCXy1FSRu6Id
TGdG9oagjDzhCzmZORCne2MEj22kYBIcELeDxWvIxgUbTqZZj0qTHCPuCDJBt/oz
vr0nI5yI1aURE0s6oIPdOUbI1WOW36e6QvhIZf45OxbE03SiAsB3/u25EVodR+AC
jEAGBbMWsYxgADXVErdBIKoO77H7ezw80lTawQp5xv1LpPfdpjanEwijvFwMNTp2
3RW9NuY=
-----END CERTIFICATE-----
Generated at Sat May 17 23:37:21 2025 by rpki-client